Security Content Engineer – Remote at MindPoint Group in Boise, Idaho, United States Job Description Security Content Engineer – Remote Department: MSOC Location: Text code CONTENT to to apply Since 2009, MindPoint Group has been the cybersecurity firm of choice for the most security-conscious US federal agencies and commercial enterprises. We’re proud to be one of Inc. 5000’s fastest-growing companies in the country. With several Best Places to Work awards under our belts, we have a diverse employee-focused culture, accessibility, and communication between all levels and departments, and over 4 stars in reviews on Glassdoor. Come be a part of what we’re building. We use our award-winning recruitment process to seek the most skilled, experienced, and driven information security consulting experts in the industry, while simultaneously empowering applicants to determine if MindPoint Group is the right fit for them. We are profoundly invested in selecting the right people to join our team and are equally driven to expand and develop careers long-term. With positions throughout the US, a role at MindPoint Group promises you: + An opportunity to work within one of the most diverse DC-based organizations + Generous tuition and professional development reimbursements + Mentorship opportunities with leaders focused on your growth + Competitive benefits like 401k matching, 11 federal holidays, etc. + And more Job Description MindPoint Group is seeking a forward-thinking and self-motivated Security Content Engineer to focus on enhancing detection content for the Security Operations Center (SOC). This exciting role requires curiosity, creativity, and critical thinking skills, as well as superior attention to detail, great organizational skills, and the ability to work in a highly collaborative work environment. The Security Content Engineer will focus on mapping existing content to the MITRE ATT&CK framework, proposing new content development opportunities and collaborating with SOC team members to tune existing content and create and enhance operational documentation, to mentor members of the Content Team, the Detection Team and the Engineering Team. What you get to do every day: + Implement and maintain detection capabilities across SIEM and EDR/XDR platforms (for example Splunk, Sumo Logic, QRadar, LogRhythm, Carbon Black, CrowdStrike, Tanium, etc. + Evaluate existing EDR/SIEM content to determine which content should be removed or updated to improve fidelity + Leverage the MITRE ATT&CK framework, monitor the threat landscape and evaluate existing data sources to identify opportunities for new EDR/SIEM content development + Research and innovate net new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and personal research + Support the onboarding of new data sources by developing relevant EDR/SIEM content + Develop EDR/SIEM detection uses cases and review with relevant stakeholders, such as engineers, analysts, and others + Collaborate with technology staff at varying levels of expertise to improve logging from various appliances and correct misconfigurations + Coordinate closely with SOC analysts and incident responders to develop playbooks for triaging and responding to events created by the SIEM tool + Coordinate with internal and external teams to improve the accuracy of detection capabilities and implement best practice mitigations and automated response capabilities + Develop and maintain content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments + Document and communicate detection capabilities and gaps clearly and effectively leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST + Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity Qualifications US Citizenship required What skills are required? + Bachelor’s degree in a related field or equivalent demonstrated experience and knowledge + Eight (8) years of relevant cybersecurity expertise + Direct experience developing EDR/SIEM content in collaboration with a Tier 1 security operations center + Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms + Ability to manage, analyze, and report complex data in an easy-to-understand format for a variety of stakeholders + Understanding of cyber security and IT disciplines including networking, operating systems, authentication protocols, general enterprise network architecture, and security incident response + Understanding of common enterprise technology purposes and logging capabilities including firewalls, Active Directory, antivirus/EDR, IDS/IPS, proxies, and cloud platforms + Understanding of log aggregation or correlation technology platforms (Splunk, Sumo Logic, QRadar, LogRhythm, etc.) + Understanding of security detection frameworks such as MITRE ATT&CK, Cyber Kill Chain, and NIST + Positive and Influential Attitude, Energy, and Effort + Adaptability, Accountability, Helpfulness, and Focus + Ability to communicate east-west across multiple diverse teams in both focus, skillset, and geo-location What is ideal? + Regular expression, scripting, and programming experience are not required, but highly desirable + Certifications such as Network+, Security+, CySA+, GDAT, GCED, CISSP are not required, but highly desirable Additional Information + All your information will be kept confidential according to EEO guidelines. + Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically $130-150k. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range. + Highlights of our benefits include Health/Dental/Vision, 401(k) match, Flexible Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, maternity/paternity leave, mobile phone stipend, pre-tax commuter benefits, the opportunity to participate in our mentorship program, and more + MindPoint is committed to maintaining a diverse environment. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Job applicants that are interested in one of our openings and may require a reasonable accommodation to participate in the job application or interview process, should contact us to request an accommodation. Are you interested in a posted job opportunity but may not check all of the boxes for desired qualifications? If so, we encourage you to apply Our commitment to sustain and champion an inclusive and dynamic community of employees is a high priority Text code CONTENT to to apply To view full details and how to apply, please login or create a Job Seeker account
Cyber Kill Chain CrowdStrike Regex Splunk SIEM MITRE ATT&CK CompTIA Security+ Endpoint Detection and Response (EDR) Certified Information Systems Security Professional (CISSP) Bachelor’s Degree scripting CompTIA Network+ sumologic IBM QRadar Software Developer xdr